Pierluigi Paganini
February 10, 2023
Reddit announced it was hit by a sophisticated and highly-targeted attack that took place on February 5, 2023. A highly-targeted phishing attack hit the employees of the company. The company pointed out that Reddit user passwords and accounts were not compromised.
The spear-phishing messages redirected users to a website mimicking the company’s intranet gateway, the landing page was designed to trick victims into providing credentials and second-factor tokens.
“On late (PST) February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees. As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.” reads a notice published by the company.
Once obtained a single employee’s credentials, threat actors gained access to some internal docs, code, as well as some internal dashboards and business systems. The primary production systems of the company were not compromised.
“Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information.” continues the notice. “Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.”
The company states that the phished employee self-reported and launched an internal investigation to determine the extend of the incident. The Security team responded quickly to the incident by locking out the intruders.
Reddit set up 2FA (two-factor authentication) to increase the security of users’ accounts.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Reddit)
